Mornings With Mark

Security research can be a tricky thing. Depending on where you are and what jurisdiction you fall under, the research you conduct may be illegal. That can give companies who are resistant to outside researchers the ammo they need to strong arm research teams. What's the best way forward? There are no clear answers but the first step is definitely an understanding of the risk. The second is to be aware that researching a vendor with a bug bounty program or using a third party broker can help mitigate that risk but there is no silver bullet here. The next steps? Lots of discussion and awareness...lets get started. References; original article on SecJuice.com, https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ a sampling of the Twitter discussion, https://twitter.com/Secjuice/status/1092877050527076353?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet US criminal code reference, https://www.law.cornell.edu/uscode/text/18/1030